summaryrefslogtreecommitdiffstats
path: root/freeipa.spec.in
Commit message (Collapse)AuthorAgeFilesLines
...
* Build: fix KDC proxy installation and remove unused kdcproxy.confPetr Spacek2016-11-091-5/+0
| | | | | | | | | | The only useful file is /etc/ipa/kdcproxy/kdcproxy.conf so I've removed the other copy of the file in /usr. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: remove unused dirs /var/cache/ipa/{sysupgrade,sysrestore} from SPECPetr Spacek2016-11-091-2/+0
| | | | | | | | | These directories were not used at all. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: do not compress manual pages at install timePetr Spacek2016-11-091-35/+35
| | | | | | | | | | | | | | | | | | | At the time of this writting https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages says this: When installing man pages, note that they should be installed uncompressed as the build system will compress them as needed. The compression method may change, so it is important to reference the pages in the %files section with a pattern that takes this into account: %{_mandir}/man1/foo.1* Removing the compression also allows to remove several install-data-hook targets from Makefile.am files. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: create /var/run directories at install timePetr Spacek2016-11-091-7/+2
| | | | | | | | | | | | | | | | | | | | | Directory creating was moved from SPEC file to install-data-hook. At the same time, it is using systemd-tmpfiles to create the directories so we do not risk any inconsistency between SPEC file and tmpfilesd configuration. systemd-tmpfiles call is non-critical on purpose: The build would fail when run under unprivileged user because systemd-tmpfiles tries to change ownership. Luckily it creates all the files and just do not change ownership so it works even under unprivileged user. Interestingly, systemd-tmpfiles continues if user does not have sufficient permissions to change ownership but fails if target username does not exist at all. For this reason there is BuildRequires on httpd. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: integrate init and init/systemd into build systemPetr Spacek2016-11-091-16/+1
| | | | | | | | | | | | | | | | | | | At the same time, I've renamed tmpfilesd config file to static name "ipa.conf" instead of using package-specific name. It had no purpose and just complicated build and packaging. Variable substitution into configuration has to be done in Makefile and not in Autoconf as documented in: Autoconf v2.69 manual chapter 4.8.2 Installation Directory Variables: ... Most of these variables have values that rely on prefix or exec_prefix. ... Similarly, you should not rely on AC_CONFIG_FILES to replace bindir and friends in your shell scripts and other files; instead, let make manage their replacement. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: integrate contrib directory into build systemPetr Spacek2016-11-091-2/+0
| | | | | | | | | BASH completion is now installed by make install. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: integrate daemons/dnssec into build systemPetr Spacek2016-11-091-13/+0
| | | | | | | https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: rename project from ipa-server to freeipaPetr Spacek2016-11-091-1/+1
| | | | | | | | | The name from configure.ac is used when generating tarball. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: Makefiles for Python packagesPetr Spacek2016-11-091-1/+3
| | | | | | | | | | | | | | | | | | | | | | | This version builds only one version of Python packages. If you want to build for Python 2 & 3 call configure twice using different --with-python or specify PYTHON variable when calling make. dist-hook is using SOURCES.txt file from egg-info. According to Petr Viktorin this should be enough for our purposes and avoids need to create plugins for setuptools. Currently VPATH builds do not work for various reasons. This should be fixed later on. Most credit goes to these guys: Christian Heimes <cheimes@redhat.com> Petr Viktorin <pviktori@redhat.com> Kevin Brown <kevin@kevin-brown.com> https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: replace hand-made Makefile with one generated by AutomakePetr Spacek2016-11-091-17/+3
| | | | | | | | | | The neither build nor dist targets work completely. This is temporary breakage enabling further work. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: move version handling from Makefile to configurePetr Spacek2016-11-091-6/+12
| | | | | | | | | | | | | | | Version information is now in VERSION.m4 instead of VERSION. Makefile target version-update was minimized and configure can be run before make. Makefile temporarily contains hardcoded version which has to match the one specified in VERSION.m4. This is preparatory step which will allow us to replace hand-made Makefile with one generated by Automake. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* spec file: bump minimal required version of 389-ds-baseJan Cholasta2016-11-011-2/+2
| | | | | | | | | Require 389-ds-base >= 1.3.5.14 for: https://fedorahosted.org/389/ticket/48992 https://fedorahosted.org/freeipa/ticket/6369 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* pwpolicy: do not run klist on importJan Cholasta2016-10-241-1/+0
| | | | | | | | | | | | | On pwpolicy module import, "klist -V" is run to determine if the installed krb5 version supports account lockout (>= 1.8). Remove the check, as we require a krb5 version which does support account lockout (1.12). https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* client: remove unused libcurl build dependencyJan Cholasta2016-10-241-1/+0
| | | | | | | | | | The configure script checks for libcurl, but it is never actually used anywhere. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* makeapi, makeaci: do not fail on missing importsJan Cholasta2016-10-241-11/+10
| | | | | | | | | | | | | Add import hook to makeapi and makeaci which makes them ignore import errors in modules in our source tree and instead print a warning. This makes it possible to build IPA without having to have most of our runtime dependencies installed. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipaserver: remove ipalib import from setup.pyJan Cholasta2016-10-241-6/+6
| | | | | | | | | | | | | Instead of importing ipalib to get IPA version string, create setup.py from a template and have the version string automatically filled in. This makes it possible to build the ipaserver package without having to have ipalib dependencies installed. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* spec file: do not include BuildRequires for lint by defaultJan Cholasta2016-10-241-0/+5
| | | | | | | | | | | | | | Lint is never executed from rpmbuild, so the BuildRequires for lint are purely informational. Include them only if %with_lint RPM macro is specified. Update .travis.yml accordingly. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* spec file: clean up BuildRequiresJan Cholasta2016-10-241-50/+77
| | | | | | | | | | | | | | | | Add missing cyrus-sasl-devel, python-cffi, python-custodia, python-dateutil, python-nose, python-paste, python-sss-murmur, python-sssdconfig and systemd-python BuildRequires. Remove unused custodia, java-headless, m4, policycoreutils, python-kdcproxy, python-rhsm, pyOpenSSL and systemd-units BuildRequires. Correct versioned BuildRequires and provide explanatory comments. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Build: replace ipaplatform magic with symlinks generated by configurePetr Spacek2016-10-241-23/+0
| | | | | | | | | | | | | | | The original approach with __path__ implemented by 8f98fa1bd5f1da207fab6f89b75e0cdc19d00797 broke Pylint: We decided to resort back to symlinks as it is easiest solution which does not break pylint in weird ways. This commit introduces configure --with-ipaplatform option. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: merge client/configure.ac into top-level configure.acPetr Spacek2016-10-241-1/+0
| | | | | | | | https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: merge install/configure.ac into top-level configure.acPetr Spacek2016-10-241-1/+0
| | | | | | | | https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: merge asn1/configure.ac to top-level configure.acPetr Spacek2016-10-241-1/+1
| | | | | | | | | | This broke ONLY_CLIENT option in SPEC file. It will be fixed later on. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: promote daemons/configure.ac to top-level configure.acPetr Spacek2016-10-241-1/+1
| | | | | | | | | | | | | Top-level Makefile is still not managed by Automake (e.g. hand-made). This is preparatory work. Other configure.ac files will be gradually merged into the top-level one. After that we will be able to throw-away the hand-made top-level Makefile and use Automake for everything. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Build: pass down LIBDIR definition from RPM SPEC to MakefilePetr Spacek2016-10-241-10/+10
| | | | | | | | | | | Previously the value was sometimes lost. This was causing problems in later stages of refactoring. https://fedorahosted.org/freeipa/ticket/6418 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Move ipa-otpd to $libexecdir/ipaTimo Aaltonen2016-10-131-1/+1
| | | | | | This is more consistent with the other daemons. Reviewed-By: Martin Basti <mbasti@redhat.com>
* Purge obsolete firefox extensionTimo Aaltonen2016-10-131-12/+0
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* spec: require Dogtag >= 10.3.5-6Fraser Tweedale2016-10-061-2/+2
| | | | | | | | | Require Dogtag 10.3.5-6, which is the first release that implements revocation of lightweight CA signing certificates upon deletion. Part of: https://fedorahosted.org/freeipa/ticket/6256 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: Implement tests with CSRs requesting SANMilan KubĂ­k2016-10-041-0/+2
| | | | | | | | | The patch implements several test cases testing the enforcement of CA ACLs on certificate requests with subject alternative names. https://fedorahosted.org/freeipa/ticket/6366 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* client: remove hard dependency on pam_krb5Jan Cholasta2016-09-191-1/+0
| | | | | | | | | If ipa-client-install is executed with --no-sssd, check if pam_krb5 is available before proceeding with the install. https://fedorahosted.org/freeipa/ticket/5557 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* freeipa.spec.in: move ipa CLI utility to freeipa-clientAlexander Bokovoy2016-08-301-31/+12
| | | | | | | | | | | | There is no notable package size cost, as all the libraries and packages are already in the freeipa-client package and freeipa-admintools only contained a short shim calling this code. Move /bin/ipa to freeipa-client, along with a man page and bash completion. Resolves: https://fedorahosted.org/freeipa/ticket/5934 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* support multiple uid values in schema compatibility treeAlexander Bokovoy2016-08-251-1/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/6138 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Require httpd 2.4.6-31 with mod_proxy Unix socket supportChristian Heimes2016-08-241-2/+2
| | | | | | | | | | | | | | httpd 2.4.6-6 does not support mod_proxy ProxyPass for Unix sockets. The feature is provided by 2.4.7 upstream was backported to 2.4.6-31 (bz1168081). It's required to proxy Custodia. https://bugzilla.redhat.com/show_bug.cgi?id=1168081 https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass https://fedorahosted.org/freeipa/ticket/6251 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* add python-libsss_nss_idmap and python-sss to BuildRequiresMartin Babinsky2016-08-221-0/+2
| | | | | | | | This fixes pylint failing on import errors during 'lint' phase of build. https://fedorahosted.org/freeipa/ticket/6244 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* support schema files from third-party pluginsAlexander Bokovoy2016-08-191-1/+4
| | | | | | | | | | | | | Allow upgrade process to include schema files from third-party plugins installed in /usr/share/ipa/schema.d/*.schema. The directory /usr/shar/eipa/schema.d is owned by the server-common subpackage and therefore third-party plugins should depend on freeipa-server-common (ipa-server-common) package in their package dependencies. Resolves: https://fedorahosted.org/freeipa/ticket/5864 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Silence sshd messages during installBen Lipton2016-08-161-7/+3
| | | | | | | | | | | Fix for accidentally pushed commit c15ba1f9e8c7d236586d46271fce7c3950b509da During install we call sshd with no config file, sometimes leading to it complaining about missing files or bad config options. Since we're just looking for the return code to see if the options are correct, we can discard these error messages. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* client: RPM require initscripts to get *-domainname.servicePetr Spacek2016-08-101-0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4831 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Revert "spec: add conflict with bind-chroot to freeipa-server-dns"Jan Cholasta2016-08-091-3/+0
| | | | | | | | | | | Remove the conflict, as bind-chroot caused issue only on systems with older bind and bind-chroot - e.g. RHEL 6. This reverts commit 3ab63fa6ba60947b1452c2108c4cf7637f4aacdb. https://fedorahosted.org/freeipa/ticket/5696 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipa-kdb: Fix unit test after packaging changes in krb5Lukas Slebodnik2016-08-091-0/+2
| | | | | | | Resolves: https://fedorahosted.org/freeipa/ticket/6173 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add jslint into MakefilePavel Vomacka2016-08-091-0/+1
| | | | | | | | | | | | | Also put jsl into dependencies. The patch also split lint target into more smaller targets. The purpose of this change is to add possibility to run only fast jslint by using make jslint and don't waste time with pylint, which can take a lot of time. https://fedorahosted.org/freeipa/ticket/6161 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use existing HostKey config to test sshdBen Lipton2016-08-081-3/+7
| | | | | | | | | | Prevents sshd from producing warning messages on package upgrade because not all of the default host key files (/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key) are present. Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* spec: require Dogtag >= 10.3.3-3Fraser Tweedale2016-07-151-3/+3
| | | | | | | | | | Required features that were expected to be released in Dogtag 10.3.4 have instead been released for Fedora in 10.3.3-3. Retract the minimum required version. https://fedorahosted.org/freeipa/ticket/5956 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Bump SSSD version in requiresMartin Basti2016-07-011-2/+2
| | | | | | | | | This is required by commit aa734da49440c5d12c0f8d4566505adaeef254e8 for function sss_nss_getnamebycert() https://fedorahosted.org/freeipa/ticket/4955 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* client: add support for pre-schema serversJan Cholasta2016-07-011-0/+3
| | | | | | | | | | | | | | | Bundle remote plugin interface definitions for servers which lack API schema support. These server API versions are included: * 2.49: IPA 3.1.0 on RHEL/CentOS 6.5+, * 2.114: IPA 4.1.4 on Fedora 22, * 2.156: IPA 4.2.0 on RHEL/CentOS 7.2 and IPA 4.2.4 on Fedora 23, * 2.164: IPA 4.3.1 on Fedora 23. For servers with other API versions, the closest lower API version is used. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix `Conflicts` with ipa-pythonPetr Spacek2016-06-301-2/+2
| | | | | | | | | The conflicts should have constant version in it because it is related to package split. https://fedorahosted.org/freeipa/ticket/6004 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Set default OCSP URI on install and upgradeFraser Tweedale2016-06-281-3/+3
| | | | | | | | | | | | | | Dogtag has been updated to support a default OCSP URI when the profile includes AuthInfoAccess with URI method but does not specify the URI (instead of constructing one based on Dogtag's hostname and port). Add the pkispawn config to ensure that the OCSP URI is set before issuing CA and system certificates, and add the config to existing CA instances on upgrade. Fixes: https://fedorahosted.org/freeipa/ticket/5956 Reviewed-By: Martin Basti <mbasti@redhat.com>
* mod_auth_gssapi: enable unique credential caches namesPetr Vobornik2016-06-241-1/+1
| | | | | | | | | | | | | | | | | mod_auth_gssapi > 1.4.0 implements support for unique ccaches names. Without it ccache name is derived from pricipal name. It solves a race condition in two concurrent request of the same principal. Where first request deletes the ccache and the second tries to use it which then fails. It may lead e.g. to a failure of two concurrent ipa-client-install. With this feature there are two ccaches so there is no clash. https://fedorahosted.org/freeipa/ticket/5653 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com>
* ipapwd_extop should use TARGET_DN defined by a pre-extop pluginThierry Bordaz2016-06-241-1/+1
| | | | | | | | | | | | | | ipapwd_extop allows to update the password on a specific entry, identified by its DN. It can be usefull to support virtual DN in the extop so that update of a virtual entry would land into the proper real entry. If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value of TARGET_DN, instead of using the original one (in the ber req) There is a dependency on slapi-nis >= 0.56-0.1 (https://fedorahosted.org/freeipa/ticket/5955) https://fedorahosted.org/freeipa/ticket/5946 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Require Dogtag >= 10.3.3Fraser Tweedale2016-06-231-3/+3
| | | | | | | | | | Dogtag 10.3.3 fixes a lightweight CA initialisation issue that caused existing lightweight CAs to not be initialised on CA replicas on first run (see https://fedorahosted.org/pki/ticket/2359). Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS Locations: dnsserver: put server_id option into named.confMartin Basti2016-06-171-1/+1
| | | | | | | | | | The option server_id is required for DNS location feature, otherwise it will not work. https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Require 389-ds-base >= 1.3.5.6Petr Spacek2016-06-161-3/+3
| | | | | | | | | Old DS handles LDAP filters incorrectly and breaks bind-dyndb-ldap. See https://www.redhat.com/archives/freeipa-devel/2016-June/msg00477.html https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Martin Basti <mbasti@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-24 03:48:14 +0000